﻿<%
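Function strSQLL()
	' Keyword screen for query-string values (the original header describes
	' this as "anti SQL injection code").
	'
	' Returns:
	'   True  - at least one Request.QueryString value contains a blacklisted
	'           token (case-insensitive substring match).
	'   False - no token was found, or the request has no query string.
	'
	' The original version computed the flag but never assigned it to the
	' function name, so callers always received Empty and the check had no
	' effect. The flag is now returned; the caller decides how to reject the
	' request.
	'
	' NOTE(review): this is a coarse filter, not a fix for injectable queries.
	'   - Only Request.QueryString is inspected. Request.Form and
	'     Request.Cookies are not covered here.
	'   - Matching is by substring, so ordinary values such as "brand" or
	'     "internet" trip the "and" / "net" tokens (false positives).
	'   - Any SQL built from request data should use parameterized commands
	'     (e.g. ADODB.Command with Parameters) regardless of this result.

	Dim ErrorSql     ' blacklisted tokens; split into an array below
	Dim RequestKey   ' name of the query-string parameter being inspected
	Dim ForI         ' index into ErrorSql
	Dim RUN          ' True once a blacklisted token has been seen

	' Separate each sensitive character or word with a half-width "~".
	ErrorSql = "and~update~wapqt3gcom~exec~insert~select~delete~count~master~truncate~declare~drop~create~eval~xp_~sp_~cmd~command~dir~c:~d:~net~update"
	ErrorSql = Split(ErrorSql, "~")

	RUN = False

	' The query string is inspected whatever the request method is: a POST
	' request can carry query-string parameters too, and the original GET-only
	' gate left those unchecked.
	For Each RequestKey In Request.QueryString
		For ForI = 0 To UBound(ErrorSql)
			' A multi-valued parameter is read as one comma-joined string here.
			If InStr(LCase(Request.QueryString(RequestKey)), ErrorSql(ForI)) <> 0 Then
				RUN = True
				Exit For
			End If
		Next
		' One hit is enough; stop scanning the remaining parameters.
		If RUN Then Exit For
	Next

	' Hand the verdict back to the caller.
	strSQLL = RUN
End Function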

%>